Data breach at Singapore’s largest health company

Share this…

More than 1M patient records were stolen

SingHealth, a health care group, suffered a massive data breach that allowed hackers to obtain personal information from 1.5 million patients who visited SingHealth clinics between May 2015 and July 2018, as reported by enterprise data protection services experts from the International Institute of Cyber Security.

SingHealth is the largest medical care group in Singapore, with two tertiary clinics, five national clinics and eight polyclinics.

A statement issued by the Ministry of Health in Singapore reports that, in addition to personal data, hackers also managed to steal information on prescription drugs from nearly 160K patients, including the Prime Minister of Singapore, Lee Hsien Loong, and some other members of the government.

According to reports by specialists in enterprise data protection services, the stolen information includes patient’s name, age, address, birth dates and social security numbers.

The Ministry of Health said that the hackers “repeatedly and intentionally” searched information about the Prime Minister’s recipes.

So far there is no evidence of who was behind the attack, but the Ministry of Health declared that the attack “was not the work of occasional hackers or criminal gangs”. Local media also speculate that the group in charge could be sponsored by some government.

Investigations by the Singapore Cyber Security Agency and the Integrated Health information System also support the version that it was a deliberate, selective and well-planned cyber attack.

Commenting on the attack through a Facebook post, the Singapore’s Prime Minister said he believes that the attackers are “extremely skillful and determined” and that they have “huge resources” to carry out their attacks.

The Government of Singapore has assured its citizens that no one manipulated or erased their medical records and that no diagnoses, laboratory results or medical notes were stolen in the attack.

Specialists in enterprise data protection services report that all affected patients will be contacted by the health institution in the upcoming days.

As the health sector is considered part of any State’s critical infrastructure, along with water, electricity and transport, it has become one of the hackers’ preferred targets.

In recent years, it has been increasingly frequent cyber attacks aimed at the health sector. Last month, it was revealed that the DNA records of more than 92 million of MyHeritage’s clients were stolen in the past year by an unknown hacker or hacker group.

Similarly, earlier this year, it was reported that health information for more than half of Norway’s population was exposed in a massive data breach directed against the country’s main health organization.